VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but an archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
File Name: PayDemo.apk (File not down)
File Size: 76125 bytes
File Type: application/jar
MD5: aadf54672b1593a0a1be708abadaabdd
SHA1: a7b20fcbc6d96bf327ff3c30bd1a9de166b10da8
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2016-12-14 15:08:08 (CST)
    Scanner     | Engine Ver             | Sig Ver        | Sig Date   | Scan result   | Time
    antiy       | AVL SDK                | 2.0            | 1970-01-01 | Found nothing | 5
    asquared    | 9.0.0.4799             | 9.0.0.4799     | 2015-03-08 | Found nothing | 1
    avast       | 161213-0               | 4.7.4          | 2016-12-13 | Found nothing | 60
    avg         | 2109/13073             | 10.0.1405      | 2016-12-11 | Found nothing | 60
    baidu       | 2.0.1.0                | 4.1.3.52192    | 2.0.1.0    | Found nothing | 42
    baidusd     | 1.0                    | 1.0            | 2014-04-02 | Found nothing | 1
    bitdefender | 7.58879                | 7.90123        | 2015-01-16 | Found nothing | 60
    clamav      | 22697                  | 0.97.5         | 2016-12-11 | Found nothing | 60
    drweb       | 5.0.2.3300             | 5.0.1.1        | 2016-12-09 | Found nothing | 60
    fortinet    | 41.333, 41.333, 41.333 | 5.4.233        | 2016-12-12 | Found nothing | 60
    fprot       | 4.6.2.117              | 6.5.1.5418     | 2016-02-05 | Found nothing | 60
    fsecure     | 2015-08-01-02          | 9.13           | 2015-08-01 | Found nothing | 60
    gdata       | 25.8610                | 25.8610        | 2016-10-12 | Found nothing | 9
    ikarus      | 1.06.01                | V1.32.31.0     | 2016-11-28 | Found nothing | 60
    jiangmin    | 16.0.100               | 1.0.0.0        | 2016-12-01 | Found nothing | 40
    kaspersky   | 5.5.33                 | 5.5.33         | 2014-04-01 | Found nothing | 60
    kingsoft    | 2.1                    | 2.1            | 2013-09-22 | Found nothing | 6
    mcafee      | 8254                   | 5400.1158      | 2016-08-11 | Found nothing | 60
    nod32       | 1777                   | 3.0.21         | 2015-06-12 | Found nothing | 60
    panda       | 9.05.01                | 9.05.01        | 2016-12-13 | Found nothing | 4
    pcc         | 12.954.06              | 9.500-1005     | 2016-12-11 | Found nothing | 60
    qh360       | 1.0.1                  | 1.0.1          | 1.0.1      | Found nothing | 5
    qqphone     | 1.0.0.0                | 1.0.0.0        | 2015-12-30 | Found nothing | 60
    quickheal   | 14.00                  | 14.00          | 2016-12-13 | Found nothing | 2
    rising      | 26.28.00.01            | 26.28.00.01    | 2016-07-18 | Found nothing | 1
    sophos      | 5.32                   | 3.65.2         | 2016-10-10 | Found nothing | 60
    symantec    | 20151230.005           | 1.3.0.24       | 2015-12-30 | Found nothing | 60
    tachyon     | 9.9.9                  | 9.9.9          | 2013-12-27 | Found nothing | 3
    thehacker   | 6.8.0.5                | 6.8.0.5        | 2016-12-12 | Found nothing | 1
    tws         | 17.47.17308            | 1.0.2.2108     | 2016-12-13 | Found nothing | 13
    vba         | 3.12.29.3 beta         | 3.12.29.3 beta | 2016-12-08 | Found nothing | 60
    virusbuster | 15.0.985.0             | 5.5.2.13       | 2014-12-05 | Found nothing | 60
    Result type legend: Heuristic/Suspicious, Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name | Description
    android.permission.WRITE_EXTERNAL_STORAGE | write to external storage (e.g. SD card)
    android.permission.MOUNT_FORMAT_FILESYSTEMS | format file systems
    android.permission.INTERNET | connect to the network (2G or 3G)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS | mount and unmount external file systems
    android.permission.ACCESS_NETWORK_STATE | read network state (2G or 3G)
    android.permission.CHANGE_NETWORK_STATE | change network state
    android.permission.ACCESS_WIFI_STATE | read Wi-Fi network state
    android.permission.CHANGE_WIFI_STATE | change Wi-Fi connection state
    android.permission.READ_PHONE_STATE | read phone state
    android.permission.READ_SMS | read SMS messages
    android.permission.RECEIVE_SMS | monitor incoming SMS messages
    android.permission.SEND_SMS | send SMS messages
    android.permission.WRITE_SMS | write SMS messages
    android.permission.ACCESS_FINE_LOCATION | obtain precise location (via GPS)
    android.permission.ACCESS_COARSE_LOCATION | obtain approximate location (via Wi-Fi or cell towers)
  • File information
    Security score:
    Basic information
    MD5: aadf54672b1593a0a1be708abadaabdd
    Package name: com.pay.demo
    Minimum Android version: Android 2.3, 2.3.1, 2.3.2
    Copyright:
    Key behaviors
    Behavior: Block window close message
    Details: hWnd = 0x000403dc, Text = Setup - WinASO Registry Optimizer, ClassName = TWizardForm.
    hWnd = 0x001c0324, Text = Setup, ClassName = TApplication.
    Behavior: Look up PE resource information
    Details: (FindResourceA) hModule = 0x00400000, ResName: REGDLL_EXE, ResType:
    (FindResourceA) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType:
    Behavior: Get window screenshot information
    Details: Foreground window Info: HWND = 0x00000000, DC = 0x00010632.
    Behavior: Get TickCount value
    Details: TickCount = 5456956, SleepMilliseconds = 50.
    TickCount = 5457018, SleepMilliseconds = 50.
    TickCount = 5457081, SleepMilliseconds = 50.
    TickCount = 5457143, SleepMilliseconds = 50.
    TickCount = 5457206, SleepMilliseconds = 50.
    TickCount = 5457268, SleepMilliseconds = 50.
    TickCount = 5457331, SleepMilliseconds = 50.
    TickCount = 5457393, SleepMilliseconds = 50.
    TickCount = 5457456, SleepMilliseconds = 50.
    TickCount = 5457518, SleepMilliseconds = 50.
    TickCount = 5457581, SleepMilliseconds = 50.
    TickCount = 5457643, SleepMilliseconds = 50.
    TickCount = 5457706, SleepMilliseconds = 50.
    TickCount = 5457768, SleepMilliseconds = 50.
    TickCount = 5457831, SleepMilliseconds = 50.
    Process behaviors
    Behavior: Create new process from file
    Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0AFRI.tmp\is-GMNCF.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0AFRI.tmp\is-GMNCF.tmp" /SL4 $C02AE "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe" 7767534 52224
    File behaviors
    Behavior: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_RegDLL.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_shfoldr.dll
    Behavior: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_RegDLL.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_shfoldr.dll
    Behavior: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_RegDLL.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_shfoldr.dll
    Behavior: Modify file contents
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp ---> Offset = 131072
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp ---> Offset = 196608
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp ---> Offset = 262144
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_RegDLL.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_shfoldr.dll ---> Offset = 0
    Behavior: Search for file
    Details: FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0AFRI.tmp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0AFRI.tmp\is-GMNCF.tmp
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\「开始」菜单
    FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-P25PU.tmp\*
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-P25PU.tmp\_isetup\*
    Other behaviors
    Behavior: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.EHE
    Behavior: Hide specified window
    Details: [Window,Class] = [Setup - WinASO Registry Optimizer,TWizardForm]
    Behavior: Open event
    Details: HookSwitchHookEnabledEvent
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
    CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
    MSCTF.SendReceiveConection.Event.ELH.IC
    MSCTF.SendReceive.Event.ELH.IC
    Behavior: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior: Enumerate windows
    Details: N/A
    Behavior: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior: Window information
    Details: Pid = 1472, Hwnd=0x40382, Text = Welcome to the WinASO Registry Optimizer Setup Wizard , ClassName = TNewStaticText.
    Pid = 1472, Hwnd=0xb03ba, Text = This will install WinASO Registry Optimizer 5.2.0 on your computer. It is recommended that you close all other applications before continuing. Click Next to continue, or Cancel to exit Setup., ClassName = TNewStaticText.
    Pid = 1472, Hwnd=0x603c6, Text = X.M.Y. International LLC. End User License Agreement NOTICE TO USER: THIS IS A CONTRACT. BY INSTALLING THIS SOFTWARE, YOU ACCEPT, ClassName = TRichEditViewer.
    Pid = 1472, Hwnd=0x6037e, Text = &Next >, ClassName = TButton.
    Pid = 1472, Hwnd=0x403ca, Text = Cancel, ClassName = TButton.
    Pid = 1472, Hwnd=0x403dc, Text = Setup - WinASO Registry Optimizer, ClassName = TWizardForm.
    Pid = 1472, Hwnd=0xd0364, Text = 是(&Y), ClassName = Button.
    Pid = 1472, Hwnd=0xb0366, Text = 否(&N), ClassName = Button.
    Pid = 1472, Hwnd=0x110322, Text = Setup is not complete. If you exit now, the program will not be installed. You may run Setup again at another time to complete the installation. Exit Setup?, ClassName = Static.
    Pid = 1472, Hwnd=0xd0336, Text = Exit Setup, ClassName = #32770.
    Pid = 1472, Hwnd=0x403fc, Text = 是(&Y), ClassName = Button.
    Pid = 1472, Hwnd=0x603e0, Text = 否(&N), ClassName = Button.
    Pid = 1472, Hwnd=0x503ec, Text = Setup is not complete. If you exit now, the program will not be installed. You may run Setup again at another time to complete the installation. Exit Setup?, ClassName = Static.
    Pid = 1472, Hwnd=0xa03fa, Text = Exit Setup, ClassName = #32770.
    Behavior: Executable signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_RegDLL.tmp (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_shfoldr.dll (signature verification: failed)
    Behavior: Call Sleep function
    Details: [1]: MilliSeconds = 50.
    [2]: MilliSeconds = 50.
    [3]: MilliSeconds = 50.
    [4]: MilliSeconds = 50.
    [5]: MilliSeconds = 50.
    [6]: MilliSeconds = 50.
    [7]: MilliSeconds = 50.
    [8]: MilliSeconds = 50.
    [9]: MilliSeconds = 50.
    [10]: MilliSeconds = 50.
    [2]: MilliSeconds = 250.
    [3]: MilliSeconds = 250.
    [4]: MilliSeconds = 250.
    [5]: MilliSeconds = 250.
    [6]: MilliSeconds = 250.
    Behavior: Create event object
    Details: EventName = MSCTF.SendReceive.Event.EHE.IC
    EventName = MSCTF.SendReceiveConection.Event.EHE.IC
    Behavior: Executable MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-0AFRI.tmp\is-GMNCF.tmp ---> b683339ce008e97a0243a0f83bca1e09
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_RegDLL.tmp ---> bb211d7a8cea15072de7425403508c17
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-P25PU.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
    Behavior: Open mutex
    Details: ShimCacheMutex
    Activities
    Activity name | Type
    com.example.demo.Main | android.intent.action.MAIN
    com.example.demo.Main | android.intent.category.LAUNCHER
    Dangerous functions
    Function name | Description
    ContentResolver;->query | read contacts, SMS messages and other databases
    ContentResolver;->delete | delete SMS messages or contacts
    java/net/URL;->openConnection | connect to a URL
    HttpClient;->execute | send a request to a remote server
    SmsManager;->sendTextMessage | send a plain-text SMS message
    TelephonyManager;->getDeviceId | collect the device IMEI, phone number, system version and other information
    TelephonyManager;->getSimSerialNumber | get the SIM serial number
    TelephonyManager;->getLine1Number | get the phone number
    SmsManager;->sendDataMessage | send a binary (data) SMS message
    File list
    File name | Checksum
    res/layout/paymain.xml 0xfb6a779f
    AndroidManifest.xml 0xeeebe1e0
    resources.arsc 0x823cfb20
    res/drawable-hdpi/ic_launcher.png 0xf248df62
    res/drawable-mdpi/ic_launcher.png 0x6a84dfd9
    res/drawable-xhdpi/ic_launcher.png 0xa227fc8a
    res/drawable-xxhdpi/ic_launcher.png 0x2a4a99d1
    classes.dex 0x48fe8519
    META-INF/MANIFEST.MF 0x92a0e65b
    META-INF/CERT.SF 0x5e422980
    META-INF/CERT.RSA 0x359eae92
    Run screenshot (image not preserved in this capture)
